1. 18 Apr, 2020 13 commits
  2. 17 Apr, 2020 11 commits
    • mbedtls: update to 2.16.6 · 02fcbe2f
      Magnus Kroken authored
      Security fixes for:
      * CVE-2020-10932
      * a potentially remotely exploitable buffer overread in a DTLS client
      * bug in DTLS handling of new associations with the same parameters
      
      Full release announcement:
      https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
      
      Signed-off-by: Magnus Kroken <mkroken@gmail.com>
    • kernel: bump 5.4 to 5.4.33 · 23916bca
      Petr Štetiar authored
      
      Refreshed patches, removed upstreamed patches:
      
       oxnas: 001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
       oxnas: 002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch
      
      Run tested: qemu-x86-64, apalis
      Build tested: x86/64, imx6, sunxi/a53
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
    • mac80211: make sure existing iface belongs to correct (fullmac) phy · 0495324b
      Daniel Golle authored
      
      Some FullMAC cfg80211 wireless devices do not support virtual
      interfaces, hence there is script logic to keep the existing network
      device. Improve this to support renaming the interface if needed and
      make sure the existing interface actually belongs to the right phy.
      Change calls to 'iw' to avoid outputting warnings and errors to not
      confuse users of such devices.
      
      Also bump PKG_RELEASE which has been forgotten in the previous two
      mac80211 changes.
      Signed-off-by: Daniel Golle <daniel@makrotopia.org>
    • ath79: remove stray pipe · edf812e2
      David Bauer authored
      Fixes: 8918c038 ("ath79: add support for AVM FRITZ!WLAN Repeater 1750E")
      Signed-off-by: David Bauer <mail@david-bauer.net>
    • elfutils: aarch64 fix build on musl · 16ad4de2
      Lucian Cristian authored
      
      aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
      aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
           dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                            ~~~~~~~~~~~~~~ ^
      Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
    • uboot-sunxi: bump to 2020.04 release · 8e99bbda
      Petr Štetiar authored
      
      Refreshed patches, removed upstreamed patch:
      
       260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch
      
      Boot tested on a64-olinuxino-emmc.
      
      Cc: Zoltan HERPAI <wigyori@uid0.hu>
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
    • uboot-imx6: bump to 2020.04 release · 260a225b
      Petr Štetiar authored
      
      Refreshed all patches, run tested on apalis.
      
      Cc: Vladimir Vid <vladimir.vid@sartura.hr>
      Cc: Tim Harvey <tharvey@gateworks.com>
      Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
    • mac80211: drop data frames without key on encrypted links · 0f1b5ce2
      David Bauer authored
      
      If we know that we have an encrypted link (based on having had
      a key configured for TX in the past) then drop all data frames
      in the key selection handler if there's no key anymore.
      
      This fixes an issue with mac80211 internal TXQs - there we can
      buffer frames for an encrypted link, but then if the key is no
      longer there when they're dequeued, the frames are sent without
      encryption. This happens if a station is disconnected while the
      frames are still on the TXQ.
      
      Detecting that a link should be encrypted based on a first key
      having been configured for TX is fine as there are no use cases
      for a connection going from with encryption to no encryption.
      With extended key IDs, however, there is a case of having a key
      configured for only decryption, so we can't just trigger this
      behaviour on a key being configured.
      
      Cc: stable@vger.kernel.org
      Reported-by: Jouni Malinen <j@w1.fi>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: David Bauer <mail@david-bauer.net>
    • ath79: add support for AVM FRITZ!WLAN Repeater 1750E · 8918c038
      David Bauer authored
      
      This commit adds support for the AVM Fritz!WLAN Repeater 1750E
      
      SOC:    Qualcomm QCA9556 (Scorpion) 720MHz MIPS74Kc
      RAM:    64MB Zentel A3R12E40CBF DDR2
      FLASH:  16MiB Winbond W25Q128 SPI NOR
      WLAN1:  QCA9556 2.4 GHz 802.11b/g/n 3x3
      WLAN2:  QCA9880 5 GHz 802.11 n/ac 3x3
      INPUT:  WPS button
      LED:    Power, WiFi, LAN, RSSI indicator
      Serial: Header Next to Black metal shield
              Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
              The Serial setting is 115200-8-N-1.
      
      Tested and working:
       - Ethernet
       - 2.4 GHz WiFi (correct MAC)
       - 5 GHz WiFi (correct MAC)
       - Installation via EVA bootloader
       - OpenWRT sysupgrade
       - Buttons
       - LEDs
      
      Installation via EVA:
      In the first seconds after Power is connected, the bootloader will
      listen for FTP connections on 192.168.178.1. Firmware can be uploaded
      as follows:
      
        ftp> quote USER adam2
        ftp> quote PASS adam2
        ftp> binary
        ftp> debug
        ftp> passive
        ftp> quote MEDIA FLSH
        ftp> put openwrt-sysupgrade.bin mtd1
      
      Note that this procedure might take up to two minutes.
      You need to power-cycle the device afterwards to boot OpenWRT.
      Signed-off-by: David Bauer <mail@david-bauer.net>
    • ath79: add QCA9550 reset sequence · d883eaac
      David Bauer authored
      
      The QCA9550 family of SoCs have a slightly different reset
      sequence compared to older chips.
      
      Normally the bootloader performs this sequence, however
      some bootloader implementations expect the operating system
      to clear the reset. Also get the PCIe resets from OF to
      support the second RC of the QCA9558.
      
      This is required for the AVM FRITZ!WLAN Repeater 1750E to work,
      as EVA leaves the PCIe bus in reset.
      
      Tested: AVM FRITZ!WLAN Repeater 1750E - OCEDO Koala
      Signed-off-by: David Bauer <mail@david-bauer.net>
    • mac80211: fix detecting existing interface · 99d567a8
      Daniel Golle authored
      Instead of using the actual interface name, a hard-coded 'wlan0' has
      slipped into the script. Replace it.
      
      Fixes: ccf2aa9d ("mac80211: detect existing interface before adding")
      Reported-by: John Crispin <john@phrozen.org>
      Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  3. 16 Apr, 2020 5 commits
    • kernel: add support for GD25D05 SPI NOR (5.4) · 75ef28be
      Koen Vandeputte authored
      
      This chip is used on newer RB912UAG-5HPnD r2 and 922UAGS-5HPacD boards:
      
      Before:
      
      [    0.824562] spi-nor spi0.0: unrecognized JEDEC id bytes: c8 40 10 c8 40 10
      [    0.831607] spi-nor: probe of spi0.0 failed with error -2
      
      After:
      
      [    0.825347] spi-nor spi0.0: gd25d05 (64 Kbytes)
      [    0.830291] 1 routerbootpart partitions found on MTD device spi0.0
      [    0.836577] Creating 1 MTD partitions on "spi0.0":
      [    0.841448] 0x000000000000-0x000000010000 : "partitions"
      [    0.848418] 4 routerbootpart partitions found on MTD device partitions
      [    0.855092] Creating 4 MTD partitions on "partitions":
      [    0.860318] 0x000000000000-0x00000000c000 : "routerboot"
      [    0.866548] 0x00000000c000-0x00000000d000 : "hard_config"
      [    0.872832] 0x00000000d000-0x00000000e000 : "bios"
      [    0.878580] 0x00000000e000-0x00000000f000 : "soft_config"
      Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
    • ath79: reduce spi-max-frequency for Mikrotik wAP G-5HacT2HnD · c0430b8d
      Roger Pueyo Centelles authored
      
      The previous spi-max-frequency value did not work with all the CPU speed
      settings (configurable with rbcfg or from the stock firmware); the new
      one does for the three of them.
      Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
    • ath79: MikroTik: fix missing nand on kernel 5.4 · 20efd561
      Koen Vandeputte authored
      
      Following symbol got renamed upstream:
      CONFIG_MTD_NAND --> CONFIG_MTD_RAW_NAND
      
      Also add this renamed symbol so NAND also works on kernel 5.4.
      
      After:
      [    0.628372] nand: device found, Manufacturer ID: 0xec, Chip ID: 0xf1
      [    0.634862] nand: Samsung NAND 128MiB 3,3V 8-bit
      [    0.639554] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
      [    0.647263] Scanning device for bad blocks
      [    0.656228] random: fast init done
      [    0.789652] 3 fixed-partitions partitions found on MTD device ar934x-nand
      [    0.796550] Creating 3 MTD partitions on "ar934x-nand":
      [    0.801874] 0x000000000000-0x000000040000 : "booter"
      [    0.807715] 0x000000040000-0x000000400000 : "kernel"
      [    0.813551] 0x000000400000-0x000008000000 : "ubi"
      Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
    • kernel: bump 4.19 to 4.19.115 · 3c382543
      Koen Vandeputte authored
      
      Refreshed all patches.
      
      Remove upstreamed:
      - 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
      - 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch
      
      Fixes:
      - CVE-2020-8647
      - CVE-2020-8648 (potentially)
      - CVE-2020-8649
      
      Compile-tested on: cns3xxx
      Runtime-tested on: cns3xxx
      Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
    • kernel: bump 4.14 to 4.14.176 · e31d158c
      Koen Vandeputte authored
      
      Refreshed all patches.
      
      Remove upstreamed:
      - 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
      - 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
      - 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch
      
      Fixes:
      - CVE-2020-8648 (potentially)
      - CVE-2020-8647
      - CVE-2020-8649
      
      Compile-tested on: cns3xxx, octeontx
      Runtime-tested on: cns3xxx
      Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  4. 15 Apr, 2020 3 commits
  5. 14 Apr, 2020 8 commits
    • x86: append metadata to combined images · f8141216
      Paul Spooren authored
      
      Now that the x86 target uses the new image generation code we can also
      attach metadata to the created images.
      
      As currently the `SUPPORTED_DEVICES` list is empty, no JSON metadata is
      attached, however the signing happens in the same step.
      
      This results in signature verification for x86 images.
      Signed-off-by: Paul Spooren <mail@aparcar.org>
    • scripts/download: add sources CDN as first mirror · c737a9ee
      Paul Spooren authored
      
      OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
      mirrors sources.openwrt.org.
      
      Downloading sources outside Europe or US (mainland) could
      result in low throughput, extremely slowing down the first compilation of
      the build system.
      
      This patch adds sources.cdn.openwrt.org as the first mirror to offer
      worldwide fast download speeds by default. If the CDN goes down for
      whatever reason, the script jumps to the next available mirror and
      downloads requested files as before (in regional varying speed).
      Signed-off-by: Paul Spooren <mail@aparcar.org>
      Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
    • scripts: JSON merge don't crash if no JSON found · 14cbd8fb
      Paul Spooren authored
      
      The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
      image generation methods from `image.mk` are used. However some targets
      like `armvirt` do not use it yet, so the folder is never created.
      
      The `json_overview_image_info.py` script used to raise an error if the
      given `WORK_DIR` isn't a folder, however it should just notify about
      missing JSON files.
      
      This patch removes the Python assert and exits with code 0 even if no
      JSON files were found, as this is not necessarily an error but simply
      not yet implemented. Using `glob` on a non-existing `Path` results in
      an empty list, therefore the for loop won't run.
      Signed-off-by: Paul Spooren <mail@aparcar.org>
      CC: Petr Štetiar <ynezz@true.cz>
    • kernel: bump 5.4 to 5.4.32 · 0bea89a1
      Petr Štetiar authored
      
      Refreshed patches, removed upstreamed patches:
      
       generic: 746-stable-net-dsa-mt7530-fix-null-pointer-dereferencing-in-por.patch
      
      Run tested: qemu-x86-64, apalis
      Build tested: x86/64, imx6, sunxi/a53
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
    • ipq806x: add patch to fix broken buttons · 9abf0124
      Ansuel Smith authored
      
      From kernel 4.20 the msm-gpio driver is broken and causes the
      malfunction of the buttons on every ipq806x target.
      Add a patch to fix this.
      Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
      Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
    • procd: jail fixes and improvements · 7c2e0fa5
      Daniel Golle authored
      
       32c717e jail: only mess with rootfs if CLONE_NEWNS was set
       b275a62 instance: harmonize instance API
       511fd97 jail: make /proc more secure
       4953b7c jail: mount /sys read-only
       a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
       a4cc165 jail: always mount /dev as additional tmpfs
      Signed-off-by: Daniel Golle <daniel@makrotopia.org>
    • netifd: clean up netns functionality · e23de628
      Daniel Golle authored

      Signed-off-by: Daniel Golle <daniel@makrotopia.org>
    • ath79: further fixes for ZyXEL NBG6716 · d0cb6e99
      Adrian Schmutzler authored
      
      This applies further fixes to the DTS of ZyXEL NBG6716 based on
      what is found in ar71xx (mach-nbg6716.c):
      
      - use WiFi label names as in ar71xx
      - fix WPS gpio number
      - fix GPIO_ACTIVE_HIGH and mode for WiFi switch
      - add codes for USB eject buttons
      - fix node name for "internet" LED
      
      This device has separate LEDs for WAN and "Internet". As the WAN-LED
      (and the four LAN-LEDs) are driven independently of the setup in
      DT/01_leds, the "internet" LED is left unassigned (in contrast to
      ar71xx, where it was set up effectively as a second WAN LED)
      Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>